Ward Mundy's Technobabblelog

Category: MP3 Devices

Rather than providing another glowing review of the iPad 2®, we thought it might be more helpful to sketch out the daily use potential of this incredible device based upon our experience and that of our 10-year old daughter. Yes, we’re one of the 30% who purchased an iPad 2 having already owned a number of first generation iPads. With double the RAM and nearly double the processing power of the first generation device, the one cautionary note that potential purchasers should heed is don’t buy the $499 model. Our daughter has survived a year with a $499 iPad only to find it completely full when she attempted to load Garage Band. And you will want Garage Band which is a storage hog by iPad standards. That’s not to suggest that Katherine’s iPad hasn’t served her well. She has almost 150 applications plus substantial collections of photos and music. What she doesn’t have is movies and video clips. With the addition of two cameras on the iPad 2 as well as Camera, AutoStitch, Movie, and Photo Booth apps and once you see what’s possible with iMovie, you’ll be begging for more storage capacity. Keep in mind that your storage capacity choice is irrevocable! There’s no way to add more storage later unless you buy a new device. And there’s no external storage other than removing apps and data through the iTunes interface. Perhaps more than anything else, that’s why the absence of a microSD slot on the iPad 2 is both a significant shortcoming and a huge disappointment.

The other suggestion we would offer to first-time iPad 2 purchasers is this. Get organized early. What we mean is decide early on how you’re going to use the 10 screens to organize your applications. Before the year is out, you will use all 10 screens assuming your bank account survives. At least now you can also create folders within a screen if you run out of room. Here’s our methodology, and it has served us pretty well. Screen 1 is reserved for the apps we use every day. The other screens are reserved for categories of applications: business, news and books, social, drawing and graphics, music, games, location-based services, and system/network management. If you’re a big gamer, artist, or musician, you may want to reserve two screens for your favorite category. The point is to spend a little time up front deciding how to organize applications. And, fortunately, you can move things around with the iTunes interface down the road so long as you leave one screen available for reorganizing.

You can also place six apps at the bottom of the display, and these are accessible from all 10 screens. Here’s where you’d want your browser, email or Gmail buttons, App Store, and Settings. That leaves you two more must-have apps. If you play music all the time, you’d probably want the iPod app. If you look at Photos all the time, you’d want the Photo app. But you get the idea, use Screen 1 for Daily Use Apps and the 6 bottom slots for your must-have at all times apps. If you don’t heed this advice, then you’ll find yourself having to search for apps on Screen 0 every time you want to use an application.

Favorite Apps. That brings us to our favorite apps. For ease of reference, we’ll cover these in the same way they are organized on our iPad 2. And, we’d love to hear about your favorite apps, too. Just post a comment. In the Daily Use category, here’s our list:

Most of the above applications are self-explanatory, but we’ll mention a few. If you have a Mac, then EyeTV is a must-have addition. It lets you play and record all your favorite TV shows. Removing commercials from a one-hour show is about a 2-minute click-and-drag operation. And it’s incredibly easy to export your favorite recordings in either iPhone or iPad format. So long as iTunes is running on your Mac desktop, you can play your recordings or live TV at any time using either a WiFi or 3G network connection. SlingPlayer does much the same thing (only worse) with no recording capability, but it works with Windows machines as well as Macs, and it’s a standalone device. The Netflix app lets you stream movies and TV shows to your iPad for $7.99 a month, and it supports 6 simultaneous devices including many current generation HDTVs. OBiON is the VoIP app that lets you make free Google Voice calls in the U.S. and Canada using your $49 OBi device. You can read all about it here. If you have an Asterisk® PBX, then you’ll want Bria and our Travelin’ Man app for secure, remote, and free SIP communications. Finally, there’s the new iSWiFTER app which brings Flash video back from the dead on the iPad platform. It’s free for a limited time and, believe it or not, it’s available in the App Store.

Books & News. We spend every morning at the breakfast table with the Books & News page on our iPad. Here’s our list:

Of all the ToDo applications that are available (and we’ve tried most of them), we like Todo the best. But, for quick reminders, you can’t beat Due. GoodReader, Keynote, and Pages are must have business apps, and iMovie is every bit as good as the app on the Mac. It’s about perfect for an on-the-go, need-it-in-a-hurry project.

Navigation & Wi-Fi Apps. When we’re on the road or looking for a WiFi Hot Spot or good place to eat, here’s our list:

GPS navigation on the roads is hit and miss on the iPad. Nothing comes close to Google Maps navigation. CoPilot could be a contender except for the outdated maps and copy protection paranoia. On the water, both Charts & TIdes and Navionics Marine are fantastic. We compared both of them to a $10,000 Nav system on a very fine boat only yesterday. There was virtually no difference in the information available with the exception of the radar-enhanced features. If you’re always shopping for real estate, there is no finer app than Zillow, period. If you’re in to fast cars, there is no finer app than Trapster.

Games. Last but not least, everybody needs a diversion once in a while. Here’s a list of some of our favorite iPad games:

whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for us and for you.
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID and 60 free minutes from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month and you get a free hour of outbound calling to test out their call quality. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! After the free hour of outbound calling, Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.

As the old saying goes, “Beauty is only skin deep.” And so it is with Motorola’s new overhyped Xoom tablet featuring Android 3.0. We really wanted to like this device. The form factor sounded appealing, Android 3.0 is awesome, and dual cameras plus a dual-core processor had us chomping at the bit for a chance to try out this bad boy. It’s hard to find a new toy we don’t like, but then along comes the Xoom. It may weigh the same as an iPad, but it feels much more bulky. We personally like the form factor of Samsung’s Galaxy Tab compared to this monstrosity. And the dual core processor was a disappointment as well. We noticed very little difference in performance during our real world testing. You’re not going to hold this device with one hand for very long. It’s too heavy in all the wrong places. So we kept asking ourselves, “Where would you use it?” And the most likely places would be in bed or sitting on it’s $149 speaker dock connected to a big monitor. For both of those options, there are better solutions with an Apple TV and an iMac. The biggest fail may be the power button, positioned on the back of the unit at the exact spot most folks will use to hold the device to watch a movie.

Vaporware: 3.0 Strikes & You’re Out. We’ve saved the real Parade of Horrors for last. Motorola basically ruined the introduction of Android 3.0, designed specifically for the tablet form factor, by prematurely releasing this half-baked product. They hyped Verizon’s 4G network, but there’s not one 4G component in the device. You’ll have to send it back to Motorola for a week to get that upgrade… someday. Motorola advertised Adobe Flash support which still is the Achilles’ Heel of the iPad. But there’s no Flash to be found. Talk about ironic, you can’t view Motorola’s XOOM web site from the device. Flash, too, will be an upgrade… someday. Then there’s the non-functional microSD slot. Yep, you guessed it. Someday. Sorry, but $800++ for a prototype device is insulting. It also says something about Google’s lack of control over manufacturers. Seems to us it wouldn’t be that difficult to write a license agreement that says, if you want to use our trademarks on your device, you won’t release the product until a specified list of functions actually work. And pardon us for stating the obvious but advertising should be something more than a big pile of bullsh*t.

For those that are silly enough to buy the Xoom, there is some good news. The device was rooted in a matter of hours. So you can load all your favorite utilities and functions easily. Here’s a link to the cookbook. Be aware that rooting the device may deprive you of the ability to ever get the vaporware upgraded for 4G, Flash, and a functioning microSD slot. Of course, maybe that was the plan all along.

There are many good reviews of the Xoom and Android 3.0 if you want the usual Silicon Valley PR fluff from the folks that received the evaluation units. Start here and here. Suffice it to say, it’s a major upgrade to Android. We like the new UI; however, we’re not all that keen on the lack of buttons and particularly the placement of the Home and Back icons in the lower left corner of the screen. 90% of the world is right-handed. So why you’d position the most used screen real estate in the most difficult place to access it with your right hand while holding the device in your left hand is a real head-scratcher.

Finally, a word about data plans. In order to purchase our unit at full retail from Best Buy, we had to buy at least one month of Verizon service. In our law school days, this used to be called tying in antitrust law. Since it makes corporations extra money, it’s probably fine today. Verizon, however, has taken greed to a whole new level. And this is just for 3G service. 4G reportedly will cost a few cents more. 1GB of data will cost you $20 a month. That’s about two 4-hour car trips with a teenager using the device. 3GB of data will cost you $35, 5GB runs $50, and 10GB is a whopping $80. As a point of reference, AT&T’s 2GB data plan with equivalent 3G service is $25 for the iPad. So, yes, you’ll be using WiFi a lot thanks to the greed of Verizon and AT&T. Of course, you can’t buy a WiFi-only unit. That’ll be available someday after Verizon has gotten their initial pound of flesh. And, at least for us, WiFi performance compared with the iPad and Galaxy Tab was no great shakes. What is certain is that, with this device, you probably will want to consider tethering from a cellphone that still has an unlimited data plan unless you’re willing to give up eating lunch in order to pay your monthly Verizon bill. HINT: Read our review of the Optimus V and Virgin Mobile’s $25 a month unlimited 3G data deal. Or Sprint’s Mobile HotSpot for the HTC Evo runs $1 a day and provides unlimited 4G data at a fraction of the cost of Verizon’s 3G offerings.

Footnote: Following our return of the device and cancellation of the service, we received a bill from Verizon which included an undisclosed $35 activation fee in addition to the prorated charges for data service. AT&T charges no activation fees on iPads and other tablets. With this addition, it boosts the cost of the Motorola Xoom sufficiently to make it more costly than even the top-of-the-line iPad 2. After 30 minutes on the phone with Verizon “customer care,” a supervisor finally waived the $35 fee. And you thought no company could rival AT&T’s dismal track record. Think again.

My 10-year-old daughter echoed our sentiments about the Motorola Xoom: “Thanks. I’ll keep my iPad.” In case you’ve forgotten, Apple will announce a new iPad later this week, and we wouldn’t be surprised to see a new processor and (working) microSD slot in addition to the oft-reported camera additions. We recommend you wait for a better alternative! There will be many, not someday, but very soon. And, indeed, there now are. See our recent article.

whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for us and for you.
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID and 60 free minutes from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month and you get a free hour of outbound calling to test out their call quality. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! After the free hour of outbound calling, Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.

Ever had one of those weeks? It was a wild ride these past 7 days with the introduction of Asterisk® 1.8.1 and some new Google Voice twists. And then there was our DNS provider Omnis.com that trashed name resolution for our primary domain, pbxinaflash.net, while claiming with a straight face that they didn't provide tech support for their own stupidity. Yikes! But where there's a will, there's always a way. And by Friday night, not only were all the issues sorted out but the Google Voice Gtalk interface in Asterisk 1.8 for free calling in the U.S. and Canada is now better than ever. Our special thanks to the Asterisk Dev Team and Tom King of the PIAF Dev Team for restoring peace in the valley. No more callback hoops for outbound calling. Free DIDs in most area codes. Instantaneous connections. Crystal clear calls. You can almost hear a pin drop. And Incredible PBX now brings you all this magic in a turnkey install that even a monkey could handle.

As if we needed another one, our other surprise last week was the Ebay appearance of a Nortel SIP Videophone labeled as a 1535, but it had no WiFi in either the hardware or in the particular software build. The merchant was as surprised as we were to discover the missing WiFi component and now has corrected the ad. But that won't make the WiFi reappear. For those of you still purchasing these phones (and they're worth it), read the fine print if WiFi or firmware upgrades matter to you. The Turkish models have neither. As anyone that tracks Ebay auctions will tell you, the law of supply and demand controls the price. These began in the $30 range and as recently as two weeks ago were selling for almost $80. They've now dropped back into the $50-$60 range. You're usually better off calling the merchant, and the more you buy, the better the price. Five Stars Telecom usually stocks the U.S. models. But ask to be sure.

So here's the drill today. Just download the brand new PBX in a Flash 1.7.5.5.4 ISO with the newly patched Asterisk 1.8 Purple payload. Then burn the ISO to a CD and boot your server from the PIAF CD. Choose the Purple Edition after CentOS installs which will load Asterisk 1.8.1 with FreePBX 2.8. Finally, run through the 5-minute install of Incredible PBX for Asterisk 1.8.1. In less than an hour, you'll have a turnkey, secure PBX with a local phone number and free calling in the U.S. and Canada via your own Google Voice account plus dozens and dozens of terrific Asterisk applications to keep your head spinning for months. Not only can you start enjoying free phone service immediately, but you'll have a robust PBX platform that will keep your eyes popping for months learning about all the features that would have cost you hundreds of thousands of dollars less than a decade ago. Did we mention that all of this telephone goodness is absolutely FREE!

Thanks to its Zero Internet Footprint™ design, The Incredible PBX also remains the most secure Asterisk-based PBX around. What this means is The Incredible PBX™ has been engineered to sit safely behind a NAT-based, hardware firewall with minimal port exposure to your actual server. And you won't find a more full-featured Personal Branch Exchange™ at any price.

The Incredible PBX Inventory. For those that have never heard of The Incredible PBX, here's a feature list of components you get in addition to the base install of PBX in a Flash with CentOS 5.5, Asterisk 1.8, FreePBX 2.8, and Apache, SendMail, MySQL, PHP, phpMyAdmin, IPtables Linux firewall, Fail2Ban, and WebMin. Cepstral TTS, Hamachi VPN, and Mondo Backups are just one command away and may be installed using some of the PBX in a Flash-provided scripts.

Installing The Incredible PBX. The installation process is simple and straight-forward. Here are the 5 Easy Steps to Free Calling, and The Incredible PBX will be ready to receive and make free U.S./Canada calls immediately:

Installing PBX in a Flash. Here's a quick tutorial to get PBX in a Flash installed. To use Incredible PBX for Asterisk 1.8, we recommend the very latest 32-bit version of PBX in a Flash 1.7.5.5.4.3 If you installed it last week, that's not new enough. The ISO hasn't changed, but the Purple payload is radically different since this morning! Unlike other Asterisk aggregations, PBX in a Flash utilizes a two-step install process. The ISO only installs the CentOS 5.5 operating system. That hasn't changed. But, once CentOS is installed, the server reboots and downloads a payload file that includes Asterisk, FreePBX, and many other VoIP and Linux utilities including all of the new Google Voice components. To get the patched version of Asterisk 1.8.1, use today's new 1.7.5.5.4 ISO. Choose the new Purple Payload, and our special Asterisk 1.8 patched release and all of the Google Voice goodies will be configured automatically. And you won't have to worry about the CDR crashing your new server either.

WARNING #1: This install will completely erase, repartition, and reformat EVERY DISK (including USB flash drives) connected to your system so disable any disk you wish to preserve! Press Ctrl-C to cancel the install.

WARNING #2: The PIAF Dev Team currently classifies PIAF-Purple and Asterisk 1.8 as E-X-P-E-R-I-M-E-N-T-A-L. Remember the Pioneers! If you have a low threshold for pain, if you depend upon your PBX to actually make and receive phone calls, or if you understand the WAF and prefer sleeping with both eyes closed, abort this install now and choose PIAF-Gold, PIAF-Silver, or PIAF-Bronze. Otherwise, enjoy the ride!

On some systems you may get a notice that CentOS can't find the kickstart file. Just tab to OK and press Enter. Don't change the name or location of the kickstart file! This will get you going. Think of it as a CentOS 'feature'. If your system still won't boot, then you have an incompatible drive controller.

At the keyboard prompt, tab to OK and press Enter. At the time zone prompt, tab once, highlight your time zone, tab to OK and press Enter. At the password prompt, make up a VERY secure root password. Type it twice. Tab to OK, press Enter. Get a cup of coffee. Come back in about 5 minutes. When the system has installed CentOS, it will reboot. Remove the CD promptly. After the reboot, choose PIAF-Purple option. Have a 15-minute cup of coffee. After installation is complete, the machine will reboot a second time. You now have a PBX in a Flash base install. On a stand-alone machine, it takes about 30 minutes. On a virtual machine, it takes about half that time. Write down the IP address of your new PIAF server. You'll need it to configure your hardware-based firewall in a minute.

NOTE: For previous users of PBX in a Flash, be aware that this new version automatically runs update-programs and update-fixes for you. You still should set your FreePBX passwords by running passwd-masterafterThe Incredible PBX installer finishes!

Configuring Google Voice. You'll need a dedicated Google Voice account to support The Incredible PBX. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So why take the chance. Keep this account a secret!

We've tested this extensively using an existing Gmail account, and inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So, be reasonable. Do it our way! Set up a dedicated Gmail and Google Voice account, and use it exclusively with The Incredible PBX. Google Voice no longer is by invitation only so, if you're in the U.S. or have a friend that is, head over to the Google Voice site and register. If you're living on another continent, see MisterQ's posting for some tips on getting set up.

You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work... in either direction. Google used to permit outbound Gtalk calls using a fake CallerID, but that obviously led to abuse so it's over! You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don't skip this step either. Just enter the provided 2-digit confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you'd like in Settings, Voice Setting, Phones. But...

IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That's the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail. If you don't see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings.

While you're still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

Call Screening - OFF

Call Presentation - OFF

Caller ID (In) - Display Caller's Number

Caller ID (Out) - Don't Change Anything

Do Not Disturb - OFF

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

Running The Incredible PBX Installer. Log into your server as root and issue the following commands to download and run The Incredible PBX installer:

If you've installed the previous version of The Incredible PBX, you'll recall that there was a two-step install process after configuring another trunk with either SIPgate or IPkall. That's now a thing of the past. All you need to do after The Incredible PBX script completes is run passwd-master to set up your master password for FreePBX.

When The Incredible PBX install begins, you'll be prompted for the following:

The Google Voice Account Name is the Gmail address for your new dedicated account, e.g. joeschmo@gmail.com. Don't forget @gmail.com! The Google Voice Password is the password for this dedicated account. The Google Voice Phone Number is the 10-digit DID for this dedicated account. We need this if we ever need to go back to the return call methodology for outbound calling. For now, it's not necessary. But who knows what the future holds. The Gmail Notification Address is the email address where you wish to receive alerts when incoming and outgoing Google Voice calls are placed using The Incredible PBX. And your FreePBX maint Password is the password you'll use to access FreePBX. You'll actually set it by running passwd-master after The Incredible PBX completes. We need this password to properly configure the CallerID Superfecta for you. By the way, none of this confidential information ever leaves your machine... just in case you were wondering.

Now have another 5-minute cup of coffee, and consider a modest donation to Nerd Vittles... for all of our hard work. You'll find a link at the top of the page. While you're waiting (and so you don't forget), go ahead and configure your hardware-based firewall to support Google Voice. See the next section for what's required. Without completing this firewall configuration step, no calls will work! When the installer finishes, READ THE SCREEN just for grins.

Here's a short video demonstration of the original Incredible PBX installer process. It still works just about the same way except there's no longer a second step to get things working.

One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!

Firewall Configuration. We hope you've taken our advice and installed a hardware-based firewall in front of The Incredible PBX. It's your phone bill. You'll need to make one adjustment on the firewall. Map UDP 5222 traffic to the internal IP address of The Incredible PBX. This is the port that Google Voice uses for phone calls and Google chat. You can decipher the IP address of your server by logging into the server as root and typing status.

Logging in to FreePBX. Using a web browser, you access the FreePBX GUI by pointing your browser to the IP address of your Incredible PBX. Click on the Admin tab and choose FreePBX. When prompted for a username, it's maint. When prompted for the password, it's whatever you set up as your maint password when you installed Incredible PBX. If you forget it, you can always reset it by logging into your server as root and running passwd-master.

Extension Password Discovery. If you're too lazy to look up your extension 701 password using the FreePBX GUI, you can log into your server as root and issue the following command to obtain the password for extension 701 which we'll need to configure your softphone or color videophone in the next step:

The result will look something like the following where 701 is the extension and 18016 is the randomly-generated extension password exclusively for your Incredible PBX:

+-----+-------+
id data
+-----+-------+
701 18016
+-----+-------+

Configuring a SIP Phone. There are hundreds of terrific SIP telephones and softphones for Asterisk-based systems. Once you get things humming along, you'll want a real SIP telephone such as the $50 Nortel color videophone we've recommended above. You'll also find lots of additional recommendations on Nerd Vittles and in the PBX in a Flash Forum. If you're like us, we want to make damn sure this stuff works before you shell out any money. So, for today, let's download a terrific (free) softphone to get you started. We recommend X-Lite because there are versions for Windows, Mac, and Linux. So download your favorite from this link. Install and run X-Lite on your Desktop. At the top of the phone, click on the Down Arrow and choose SIP Account Settings, Add. Enter the following information using your actual password for extension 701 and the actual IP address of your Incredible PBX server instead of 192.168.0.251. Click OK when finished. Your softphone should now show: Available.

Incredible PBX Test Flight. The proof is in the pudding as they say. So let's try two simple tests. First, let's place an outbound call. Using the softphone, dial your 10-digit cellphone number. Google Voice should transparently connect you. Answer the call and make sure you can send and receive voice on both phones. Second, from another phone, call the Google Voice number that you've dedicated to The Incredible PBX. Your softphone should begin ringing shortly. If not, make certain you are not logged into Google Chat on a Gmail account with these same credentials. If everything is working, congratulations!

Here's a brief video demonstration showing how to set up a softphone to use with your Incredible PBX, and it also walks you through several of the dozens of Asterisk applications included in your system.

Solving One-Way Audio Problems. If you experience one-way audio on some of your phone calls, you may need to adjust the settings in /etc/asterisk/sip_custom.conf. Just uncomment the first two lines by removing the semicolons. Then replace 173.15.238.123 with your public IP address, and replace 192.168.0.0 with the subnet address of your private network. There are similar settings in gtalk.conf that can be activated although we've never had to use them. In fact, we've never had to use any of these settings. After making these changes, save the file(s) and restart Asterisk with the command: amportal restart.

Learn First. Explore Second. Even though the installation process has been completed, we strongly recommend you do some reading before you begin your VoIP adventure. VoIP PBX systems have become a favorite target of the hackers and crackers around the world and, unless you have an unlimited bank account, you need to take some time learning where the minefields are in today's VoIP world. Start by reading our Primer on Asterisk Security. We've secured all of your passwords except your root password and your passwd-master password, and we're assuming you've put very secure passwords on those accounts as if your phone bill depended upon it. It does! Also read our PBX in a Flash and VPN in a Flash knols. If you're still not asleep, there's loads of additional documentation on the PBX in a Flash documentation web site.

Adding Multiple Google Voice Trunks. Thanks to rentpbx on our forums, adding support for multiple Google Voice trunks is now a five-minute operation. Once you have your initial setup running smoothly, hop on over to the forums and check out this Incredible solution.

Choosing a VoIP Provider for Redundancy. Nothing beats free when it comes to long distance calls. But nothing lasts forever. And, in the VoIP World, redundancy is dirt cheap. So we strongly recommend you set up another account with Vitelity using our special link below. This gives your PBX a secondary way to communicate with every telephone in the world, and it also gets you a second real phone number for your new system... so that people can call you. Here's how it works. You pay Vitelity a deposit for phone service. They then will bill you $3.99 a month for your new phone number. This $3.99 also covers the cost of unlimited inbound calls (two at a time) delivered to your PBX for the month. For outbound calls, you pay by the minute and the cost is determined by where you're calling. If you're in the U.S., outbound calls to anywhere in the U.S. are a little over a penny a minute. If you change your mind about Vitelity and want a refund of the balance in your account, all you have to do is ask. The trunks for Vitelity already are preconfigured with The Incredible PBX. Just insert your credentials using FreePBX. Then add the Vitelity trunk as the third destination for your default outbound route. That's it. Congratulations! You now have a totally redundant phone system.

Using ENUMPlus. Another terrific money-saving tool is ENUM. Your system comes with ENUMPlus installed. The advantage of ENUM is that numbers registered with any of the ENUM services such as e164.org can be called via SIP for free. You can read all about it in this Nerd Vittles' article. To activate ENUMPlus, you'll need to register and obtain an API Key at enumplus.org. It's free! Sign up, log in, and click on the Account tab to get your API key. Once you have your key, copy it to your clipboard and open FreePBX with your browser. Then choose SetUp, ENUMPlus and paste in your API Key. Save your entry, and you're all set. After entering your key, all outbound calls will be checked for a free ENUM calling path first before using other outbound trunks.

Stealth AutoAttendant. When incoming calls arrive, the caller is greeted with a welcoming message from Allison which says something like "Thanks for calling. Please hold a moment while I locate someone to take your call." To the caller, it's merely a greeting. To those "in the know," it's actually an autoattendant (aka IVR system) that gives you the opportunity to press a button during the message to trigger the running of some application on your Incredible PBX. As configured, the only option that works is 0 which fires up the Nerd Vittles Apps IVR. It's quite easy to add additional features such as voicemail retrieval or DISA for outbound calling. Just edit the MainIVR option in FreePBX under Setup, IVR. Keep in mind that anyone (anywhere in the world) can choose these options. So be extremely careful not to expose your system to security vulnerabilities by making certain that any options you add have very secure passwords! It's your phone bill.

Configuring Email. You're going to want to be notified when updates are available for FreePBX, and you may also want notifications when new voicemails arrive. Everything already is set up for you except actually entering your email notification address. Using a web browser, open the FreePBX GUI by pointing your browser to the IP address of your Incredible PBX. Then click Administration and choose FreePBX. To set your email address for FreePBX updates, go to Setup, General Settings and scroll to the bottom of the screen. To configure emails to notify you of incoming voicemails, go to Setup, Extensions, 701 and scroll to the bottom of the screen. Then follow your nose. Be sure to reload FreePBX when prompted after saving your changes.

A Word About Security. Security matters to us, and it should matter to you. Not only is the safety of your system at stake but also your wallet and the safety of other folks' systems. Our only means of contacting you with security updates is through the RSS Feed that we maintain for the PBX in a Flash project. This feed is prominently displayed in the web GUI which you can access with any browser pointed to the IP address of your server. Check It Daily! Or add our RSS Feed to your favorite RSS Reader. We also recommend you follow @NerdUno on Twitter. We'll keep you entertained and provide immediate notification of security problems that we hear about. Be safe!

This latest version of Incredible PBX locks down your server to private networks and existing, registered Asterisk devices. Should you need to enable additional IP addresses for other devices or providers at a later date, simply add the new IP addresses to /etc/firewall.whitelist and then rerun /root/firewall-whitelist.sh. For additional background, read this article.

Enabling Google Voicemail. Some have requested a way to retain Google's voicemail system for unanswered calls in lieu of using Asterisk voicemail. The advantage is that Google offers a free transcription service for voicemail messages. To activate this, you'll need to edit the [googlein] context in extensions_custom.conf in /etc/asterisk. Just modify the last four lines in the context so that they look like this and then restart Asterisk: amportal restart

PBX in a Flash SQLite Registry. Last, but not least, we want to introduce you to the new PBX in a Flash Registry which uses SQLite, a zero-configuration SQL-compatible database engine. After logging into your server as root, just type show-registry for a listing of all of the applications, versions, and install dates of everything on your new server. Choosing the A option will generate registry.txt in the /root folder while the other options will let you review the applications by category on the screen. For example, the G option displays all of The Incredible PBX add-ons that have been installed. Here's the complete list of options:

A - Write the contents of the registry to registry.txt

B - PBX in a Flash install details

C - Extra programs install details

D - Update-fixes status and details

E - RPM install details

F - FreePBX modules install details

G - Incredible PBX install details

Q - Quit this program

And here's a sample from an install we just completed. We'll have more details and additional utilities for your use in coming weeks.

Special Thanks. It's hard to know where to start in expressing our gratitude for all of the participants that made today's incredibly simple-to-use product possible. Please bear with us. To Mark Spencer, Malcolm Davenport, and the rest of the Asterisk development team, thanks for a much improved Asterisk. To Philippe Sultan and his co-developers, thank you for getting the final kinks out of Jabber with Asterisk. To Philippe Lindheimer & Co., thanks for FreePBX 2.8 which really makes Asterisk shine. To Lefteris Zafiris, thank you for making Flite work with Asterisk 1.8 thereby preserving all of the Nerd Vittles text-to-speech applications. To Darren Sessions, thanks for whipping app_swift into shape and restoring Cepstral and commercial TTS applications to the land of the living with Asterisk 1.8. And to our pal, Tom King, we couldn't have done it without you. You rolled up your sleeves and really turned Asterisk 1.8.1 into something special. No one will quite understand what an endeavor that was until they try it themselves. And, finally, to our legion of beta testers, THANK YOU! We've implemented almost all of your suggestions.

Additional Goodies. Be sure to log into your server as root and look through the scripts added in the /root/nv folder. You'll find all sorts of goodies to keep you busy. The 32-bit install-cepstral script does just what it says. With Allison's Cepstral voice, you'll have the best TTS implementation for Asterisk available. ipscan is a little shell script that will tell you every working IP device on your LAN. trunks.sh tells you all of the Asterisk trunks configured on your system. purgeCIDcache.sh will clean out the CallerID cache in the Asterisk database. convert2gsm.sh shows you how to convert a .wav file to .gsm. munin.pbx will install Munin on your system while awstats.pbx installs AWstats. s3cmd.faq tells you how to quickly activate the Amazon S3 Cloud Computing service. All the other scripts and apps in /root/nv already have been installed for you so don't install them again.

If you've heeded our advice and purchased a PogoPlug, you can link to your home-grown cloud as well. Just add your credentials to /root/pogo-start.sh. Then run the script to enable the PogoPlug Cloud on your server. All of your cloud resources are instantly accessible in /mnt/pogoplug. It's perfect for off-site backups and is included as one of the backup options in the PBX in a Flash backup utilities.

Don't forget to List Yourself in Directory Assistance so everyone can find you by dialing 411. And add your new number to the Do Not Call Registry to block telemarketing calls. Or just call 888-382-1222 from your new number. Enjoy!

Support Issues. With any application as sophisticated as this one, you're bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It's the best Asterisk tech support site in the business, and it's all free! We maintain a thread with the latest Patches and Bug Fixes for Incredible PBX. Please have a look. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of ordinary users just like you. So you won't have to wait long for an answer to your questions.

whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID and 60 free minutes from our special Vitelity sign-up link. If you're seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity's DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here's a deal you can't (and shouldn't) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month and you get a free hour of outbound calling to test out their call quality. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won't get the special pricing! After the free hour of outbound calling, Vitelity's rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.

Some Recent Nerd Vittles Articles of Interest...

For 64-bit systems with Asterisk 1.8, use the Cepstral install procedures outlined in this Nerd Vittles article. [↩]

If you use the recommended Acer Aspire Revo, be advised that it does NOT include a CD/DVD drive. You will need an external USB drive to load the software. Some of these work with CentOS, and some don't. Most HP and Sony drives work; however, we strongly recommend you purchase an external DVD drive from a merchant that will accept returns, e.g. Best Buy, WalMart, Office Depot, Office Max, Staples. You also can run The Incredible PBX on a virtual machine such as the free Proxmox server. Another less costly (but untested) option might be this Shuttle from NewEgg: $185 with free shipping. Use Promo Code: EMCYTZT220 [↩]

It’s been almost a year since we last wrestled with VoIP security for Asterisk®. With Christmas just around the corner, it seemed like a fitting time for a report card. Suffice it to say, the bad guys have not stood still. Attacks have become much more frequent and more sophisticated as VoIP systems have proliferated. A year ago we saw brute force attacks with thousands of password attempts on VoIP servers. These attacks could easily be detected by Fail2Ban. What we are seeing today are one and two hit drive-bys that usually are initiated from Windows zombies or hosted accounts established with stolen credit cards. These VoIP attacks fly under the radar unless you review your logs every day. Have the creeps gotten more patient? No, just smarter. They now understand the VoIP security model that has been deployed on systems like PBX in a Flash, and they simply work around it. Two hits per server, and they’re off to the next IP address only to return in a few hours to try two more. Are these attempts successful? Well, here’s the latest recipient of a $100,000 phone bill so the answer would appear to be affirmative.

We continue to wrestle with new security approaches to better protect Asterisk VoIP systems, and we’ve stumbled upon another golden arrow for your security quiver. Our Incredible PBX platform continues to offer the very best security solution because it is designed to sit safely behind a hardware-based firewall with virtually no exposure to the Internet. But such deployments assume that both your server and your phones are all safely ensconced behind a hardware-based firewall. If it turns out that you want to deploy a SIP phone for use by grandma or you’ve decided you’d like to try hosted PBX service from a provider such as rentpbx.com,1 then there either need to be holes opened in the firewall or there is no hardware firewall protection in the case of hosted service.

Over the past few weeks, we’ve explored a number of new security approaches to better protect your Asterisk server. These include The SunshineNetworks Knock as well as VoIP Black Lists and VoIP White Lists. If you’re technically savvy, you’ll want to carefully consider “The Knock” for all of your SIP phones exposed to the Internet.

We spent a good bit of time considering various VoIP BlackList solutions. As the name implies, a list of the bad guys’ IP addresses is fed into IPtables which then blocks access to your server from these addresses. Sounds good, right? One approach with a BlackList is to block all IP addresses from “problem countries.” The methodology to implement this solution can be found in this thread on the PIAF Forums. The problem, of course, is identifying the “problem countries.” Another option was to implement an IPtables Blacklist based upon the work of the VoIP Blacklist Project. Perhaps ironically, the VoIP Blacklist Project actually blocks the IP addresses of both Nerd Vittles and PBX in a Flash, and emails requesting removal of our IP address were ignored. To save time, the VoIP Blacklist Project employs CIDR Masks which can blacklist hundreds of thousands of IP addresses in one fell swoop. Problem is that a lot of innocent people get caught in the net, and there’s no easy way out without maintaining the blacklist yourself. The final dagger in the black list approach is zombies. Insecure Windows machines have been compromised by the droves worldwide and particularly in the United States. So identifying all of these now-malicious systems is not unlike playing Whack-a-Mole. When you block one of them, six more pop up. So, after giving it the good old college try, our view of VoIP Blacklists should be obvious. No, thanks. There are very real risks that the bad guys can and have poisoned existing blacklists with safe IP addresses, and the number of Windows zombies grows geometrically making it all but impossible to have or maintain a blacklist that affords any real protection.

These results with black lists led us to the conclusion that the only real security mechanism that could protect many VoIP servers today was a VoIP WhiteList for IPtables. As the name implies, we want to identify the IP addresses of every SIP and IAX trunk and extension on your server and then feed those addresses into IPtables so that the only access to VoIP resources on your server is from these addresses. Today’s VoIP WhiteList for IPtables consists of two bash scripts: one queries the MySQL database in which FreePBX stores all of the trunk and extension information for your server and the other populates IPtables with the results of the queries. We would hasten to add that a similar white list is equally important for SSH access to your server although we think it is better to implement an SSH WhiteList on your hardware-based firewall. In this way, you can adjust the SSH white list via web browser while traveling without locking yourself out of your Asterisk server.

Prerequisites. To use today’s VoIP WhiteList for IPtables, you’ll need either a current version of PBX in a Flash or Incredible PBX. Other aggregations will also work provided your system is FreePBX-based (version 2.6 or later), has IPtables already installed and functioning properly, and has an /etc/sysconfig/iptables configuration file that closely matches the stock PBX in a Flash design. We’ll leave it to you to make that call after reviewing the scripts.

VoIP WhiteList Design. We’ve designed the VoIP WhiteList for IPtables to be modular. There’s a firewall-whitelist-gen.sh script which extracts from MySQL the list of IP addresses used by your trunks and extensions. This text-based list is stored in /etc/firewall.whitelist. You can manually add and delete entries from the list once it is populated.You also can rerun the script at any time to generate a fresh catalog of WhiteList IP addresses based upon your current trunk and extension settings. This script also enables access to your server from the public IP address of your server as well as all non-routable IP addresses. Finally, it modifies /etc/sudoers slightly so that Travelin’ Man can be used to add dynamic IP addresses on the fly. We’ll cover that below.

The second script is firewall-whitelist.sh, and it is used to actually implement your new VoIP WhiteList in IPtables. The changes take effect immediately. It also can be run again to update these entries if you manually add or delete IP addresses in /etc/firewall.whitelist. This script always creates a backup copy of your previous /etc/sysconfig/iptables file and names it iptables.timestamp where the timestamp is the date and time of your last update, e.g. iptables.12012010-083841 was created on Dec. 1, 2010 at 08:38:41. If you should ever shoot yourself in the foot, simply copy one of the iptables backup files to /etc/sysconfig/iptables and then restart IPtables: service iptables restart.

WARNINGS: In order to implement the WhiteList, the script removes the existing IPtables entries which permit SIP and IAX access from anywhere using UDP ports 4569 and 5000 to 5082. If you have edited these entries in any way, you’ll need to remove them and restart IPtables before running firewall-whitelist.sh. Otherwise, your more general firewall entries will leave your system vulnerable to access from IP addresses not in your VoIP WhiteList.

If your system is running on a hosted server, you’ll need to make a couple of additions to /etc/sysconfig/iptables and restart IPtables (service iptables restart) before running firewall-whitelist.sh, or you may lock yourself out of your own server. Be sure to add the public IP address of your server, and also add the IP address from which you are making changes to your server. Each entry should look like the following example using your actual IP addresses. And the entries should be added above the COMMIT line in the same section of the iptables file as the existing UDP 10000:20000 ACCEPT entry:

-A INPUT -s 222.222.222.222 -j ACCEPT

Installing the VoIP WhiteList for IPtables. Installation is easy. Just log into your server as root and issue the following commands:

If you installed one of the beta versions of the VoIP WhiteList from the PIAF Forums, then you’ll need to do a little housecleaning before actually running either of the scripts. Just edit /etc/sysconfig/iptables and clean out all of the entries that contain 5000:5082 as well as any entries nearby that include the non-routable IP addresses, e.g. 192.168.0.0. Finally, if there are entries beginning with -A WHITELIST, delete those as well. Then restart IPtables: service iptables restart. Thank you for your testing and feedback!

Deploying Remote SIP Phones. What remains is some method for connecting remote SIP phones with dynamic IP addresses. Our Travelin’ Man application was specifically designed to provide this support although the initial version only opened the necessary IP address for Asterisk access. The latest release also provides the necessary IPtables support. You have two options: either remove the old version and supporting directories under /var/www/travelman or edit the index.php file in each subdirectory you’ve created and make the change shown in this post on the PIAF Forums. Enjoy!

whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for us and for you.
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID and 60 free minutes from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month and you get a free hour of outbound calling to test out their call quality. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! After the free hour of outbound calling, Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.

Some Recent Nerd Vittles Articles of Interest…

We gratefully acknowledge the contributions of rentpbx.com to the PBX in a Flash Development Team. In addition to hosted accounts to test PBX in a Flash in the hosted environment, rentpbx.com also has contributed technical assistance particularly as it relates to our Google Voice-Asterisk integration efforts. [↩]

It’s been an exciting couple of weeks watching the overwhelmingly positive response to our release of Orgasmatron 5.1. With this version, we introduced a new Asterisk® security model that took into account the ever-increasing security risks posed by exposing web and telephony servers to direct Internet access. The bottom line is this. If your telecom requirements still can be accomplished by placing a server securely behind a $35 hardware-based Internet firewall with no Internet exposure, then it makes absolutely no sense to dangle such a tempting target in front of the world’s most nefarious creeps.

Our experience suggests that the only trade off with this new approach is the inability to receive anonymous SIP calls… a small price to pay considering the potential financial and computer risks involved. You still can place outbound VoIP calls as well as placing and receiving calls using any of the phone numbers registered on your new PBX in a Flash server. And, thanks to Google Voice, SIPgate, and IPkall, all inbound calls are free, and all outbound calls to numbers in the U.S. and Canada are free as well.

If a SIP URI and your own Freenum/ISN number are simply features you can’t live without, sign up for a voip.ms IAX account, and you’ll get a SIP URI for free. Inbound SIP URI and Freenum/ISN calls will set you back $1 for every 1,000 minutes billed in 6 second increments.

Keep in mind that a new security vulnerability has been found with either Asterisk or FreePBX almost monthly. The chart below tells you why. With virtually limitless attack surfaces because of the number of interrelated components in CentOS, Asterisk, and FreePBX comes enormous and recurring potential for remote compromise of these systems. Rather than play this cat-and-mouse security game with the underworld, the Orgasmatron design changes the paradigm. It lets you use any (secure or insecure) version of Asterisk and FreePBX without worrying about any outside attacks. Do passwords on your new server matter? Not really… unless there is someone inside your firewall that you don’t trust. Are we going to secure them anyway? Absolutely. But instead of the constant worry over new security vulnerabilities, Orgasmatron 5.2 lets you enjoy exploring the world of Asterisk and VoIP telephony with an incredibly rich feature set that you won’t find anywhere else, period! We’ll resist making any other device analogies, but the idea here is to protect the good guy (you!) while keeping the bad guys out. No penetration. No worries. Simple as that.

In our former life working for a living, we actually procured and managed multimillion dollar PBXs as part of our “other duties as assigned.” Without qualification, we can tell you that the feature set that Orgasmatron 5.2 brings to the table for free runs circles around anything you could buy (then or now) in the commercial marketplace. And, at one time or another, we purchased every Nortel feature good money could buy. There’s one other difference. Orgasmatron 5.2 runs swimmingly on a $200 Atom-based PC that you can purchase at any Best Buy as well as hundreds of other stores including Amazon, NewEgg, and Buy.com. We paid more than $200 to provision an additional extension on our Nortel switch! You, of course, can add as many extensions as you like. De nada.

So, why a new version of Orgasmatron in only a few weeks? Well, it’s not security-related. In fact, there is nothing wrong with continuing on with Orgasmatron 5.1. Unfortunately, it relied exclusively upon SIPgate to make free Google Voice calls in the U.S. and Canada. And SIPgate required an invite using an SMS message from a U.S.-based cellphone. That pretty well knocked out all of our friends living outside the United States. Today’s version fixes that by letting anyone sign up for a free IPkall phone number in Washington state. All you need is a valid email address. The setup process is a bit more complex because IPkall doesn’t support registered connections to their servers. But we’ll walk you through the additional steps and, once completed, your server will be just as secure as the SIPgate approach we set up with Orgasmatron 5.1. And few, if any, Linux skills are required to set up or manage Orgasmatron 5.2. As we’ve noted previously, if you can handle slice and bake cookies, you’ve got the necessary skillset! Be aware this is about a one-hour project, and you need to track through the article carefully, or the entire house of cards comes down.

New Asterisk Security Model. Orgasmatron 5.2 maintains our design goal of running an absolutely secure Asterisk PBX from behind a hardware-based firewall with either NO INBOUND PORTS exposed to the Internet with SIPgate or an IP-address-restricted IAX port for IPkall. Don’t defeat this security mechanism by exposing additional ports on your PBX in a Flash server to Internet access. And choose your NAT-based firewall/router carefully. All of these devices are not created equally. Not only do some perform better than others, but certain models are notoriously bad at handling NAT-based routing tasks, a critical requirement in the Asterisk VoIP environment. In almost every case of problems with one-way audio, the real culprit can be traced back to a crappy router. For $35, you really can’t go wrong with the dLink WBR-2310. If you want traffic shaping functionality as well, take a look at dLink’s Gaming Router, our personal favorite.

As long as your router, Google Voice, SIPgate, and IPkall passwords are secure, you can sleep like a baby. We use an intermediate SIP provider for Google Voice to set up free outbound Google Voice calls in the U.S. and Canada because Google Voice actually places two calls to connect you to your destination. First, you get a call back. And then the party you’re calling is connected. The SIPgate or IPkall trunk is used by Google Voice to call you back so the inbound call is always free. We handle the interconnection magic with Asterisk transparently so your calls appear to be processed as if you were using a standard telephone to dial out. Just refrain from using extension 75 in Asterisk for personal conferencing!

The choice is yours. You can use SIPgate with no incoming ports exposed to your server from the Internet. Or you can use IPkall and map UDP port 4569 (IAX2) on your hardware-based firewall to the internal IP address of your new PBX in a Flash server. Even with the IPkall setup, we’ve locked down IPtables (our Linux firewall) to restrict IAX access to several specific IP addresses so your server remains absolutely secure. We’ve also included support for FonicaTec’s IAX offering for those that want a backup IAX provider. We’ll have much more to say about IPtables in coming weeks.

If you’ve already installed Orgasmatron 5.1 and it’s working for you, do you need to upgrade? NO. With the exception of the new IAX support for IPkall, the code in Orgasmatron 5.2 is identical.

We, of course, continue to recommend that you sign up with Vitelity so you have an alternate communications vehicle in the event of a problem with your free service. Vitelity also can provide 911 emergency service for your home or home office. You can save a little money while supporting the PBX in a Flash project by using the links at the end of this article.

Swiss Army Knife Inventory. There’s no need for a Swiss Army Knife if you don’t know what all the blades are for. So, for those that are wondering what’s included in the Orgasmatron 5.2 build, here’s a feature list of the components you get in addition to the base PBX in a Flash build with CentOS 5.4, Asterisk 1.4, FreePBX 2.6, and Apache, SendMail, MySQL, PHP, phpMyAdmin, IPtables Linux firewall, Fail2Ban, and WebMin. Please note that A2Billing, Cepstral TTS, Hamachi VPN, and Mondo Backups are optional and may be installed using the scripts that are provided.

Learn First. Install Second. Even though the installation process is now a No-Brainer, you are well-advised to do some reading before you begin. VoIP PBX systems have become a favorite target of the hackers and crackers around the world and, unless you have an unlimited bank account, you need to take some time learning where the minefields are in today’s VoIP world. Start by reading our Primer on Asterisk Security. Then read our PBX in a Flash and VPN in a Flash knols. If you’re still not asleep, there’s loads of additional documentation on the PBX in a Flash documentation web site.

Today’s Drill. The installation process is straight-forward, but a little different than the Orgasmo 5.1 scenario because of the need to accommodate IPkall. Just don’t skip any steps. In a nutshell, here are the 6 Steps to Free Calling and an incredibly versatile, preconfigured Asterisk PBX:

1. Install the latest version of PBX in a Flash2. Run the Orgasmatron 5.2 Installer3. Configure a softphone or SIP telephone4. Configure Providers for Orgasmatron 5.25. Enter your Google Voice and SIPgate/IPkall credentials6. Change existing passwords to secure your system

Installing PBX in a Flash. Here’s a quick tutorial to get PBX in a Flash installed. We recommend you install the latest PIAF 1.6 beta on a new Atom-based PC. This beta is virtually identical to version 1.4 except it uses CentOS 5.4 instead of CentOS 5.2. This means it works better with newer hardware including Atom-based computers and newer network cards. Unlike other Asterisk aggregations, PBX in a Flash utilizes a two-step install process. The ISO only installs the CentOS operating system. Once installed, the server reboots and downloads a payload file that includes Asterisk, FreePBX, and many other VoIP and Linux utilities. We use the identical payload for versions 1.3, 1.4, 1.5, and 1.6 of PBX in a Flash. The beta label simply means we haven’t had time to sufficiently test CentOS. But this is not a Microsoft-style beta so fear not!

WARNING: This install will completely erase, repartition, and reformat ALL disks on your system! Press Ctrl-C to cancel the install.

On some systems you may get a notice that CentOS can’t find the kickstart file. Just tab to OK and press Enter. Don’t change the name or location of the kickstart file! This will get you going. Think of it as a CentOS ‘feature’.

At the keyboard prompt, tab to OK and press Enter. At the time zone prompt, tab once, highlight your time zone, tab to OK and press Enter. At the password prompt, make up a VERY secure root password. Type it twice. Tab to OK, press Enter. Get a cup of coffee. Come back in about 5 minutes. When the system has installed CentOS, it will reboot. Remove the CD promptly. After the reboot, choose A option. Have a 10-minute cup of coffee. After installation is complete, the machine will reboot a second time. Log in as root with your new password and execute the following commands:

update-scriptsupdate-fixes

When prompted, change the ARI password to something really obscure. You’re never going to use it! You now have a PBX in a Flash base install. On a stand-alone machine, it takes about 30 minutes. On a virtual machine, it takes about half that time.

NOTE: So long as your system is safely sitting behind a hardware-based firewall, we do NOT recommend running update-source on the Orgasmatron builds because of parking lot issues in the latest releases of Asterisk.

Running the Orgasmatron 5.2 Installer. Log into your server as root and issue the following commands to run the Orgasmatron 5.2 installer:

Have another 15-minute cup of coffee. It’s a great time to consider a modest donation to the Nerd Vittles project. You’ll find a link at the top of the page. When the installer finishes, READ THE SCREEN!

Now run passwd-master1. Set your FreePBX passwords to something very secure but different from your Linux root password.

Next, type status2 and press Enter. Write down the IP address of your new server.

If you’re using IPkall, now’s the time to log in to your hardware-based firewall/router and map UDP port 45693 to the private IP address that you just wrote down. This tells your firewall to pass all IAX2 traffic from the Internet directly to your new server. Don’t worry. We have severely restricted which IP addresses can actually send IAX data through the PBX in a Flash IPtables firewall which is an integral part of this build. And, remember, no hardware firewall adjustments are necessary if you’re using SIPgate instead of IPkall.

For good measure, we recommend you reboot your server at this point. The command to type is simple: reboot4

Configuring a SIP Phone. There are hundreds of terrific SIP telephones and softphones for Asterisk-based systems. Once you get things humming along, you’ll want a real SIP telephone, and you’ll find lots of recommendations on Nerd Vittles. For today, let’s download a terrific (free) softphone to get you started. We recommend X-Lite because there are versions for Windows, Mac, and Linux. So download your favorite from this link. Install and run X-Lite on your Desktop. At the top of the phone, click on the Down Arrow and choose SIP Account Settings, Add. Enter the following information using 82812661 as the password for extension 701 and the actual IP address of your PBX in a Flash server instead of 192.168.0.251. Click OK when finished. Your softphone should now show: Available.

Don’t Forget! After you change your extension passwords later in this tutorial, you will need to update the password entry in X-Lite, or you will no longer be able to place calls! In fact, you will get locked out of your server for 90 minutes after three failed password attempts. So put this on a sticky note so you don’t forget, or you’ll regret it in about 15 minutes.

Either a free SIPgate One residential phone number or an IPkall number is a key component in today’s project. And there’s really no reason you can’t use both if they’re available in your location. Do NOT use special characters in your provider passwords, or nothing will work! Continue reading whichever section below applies to you.

Configuring SIPgate. If you live in the U.S. and have a cellphone, we’d recommend the SIPgate option since no adjustment of your hardware-based firewall is required. Otherwise, skip to the IPkall setup below. Step #1 is to request a SIPgate invite at this link. You’ll need to enter your U.S. cellphone number to receive the SMS message with your invitation code. Don’t worry. You can erase your cellphone number from your account once it is set up. Once you receive the invite code, enter it and choose the option to set up a residential account. Next, choose a phone number and write it down. The area code really doesn’t matter because Google Voice is the only one that will be calling this number after we get things set up. For now, leave your cellphone number in place so that you can receive your confirmation call from Google Voice in the next step. After that, you’ll want to revisit SIPgate and remove all parallel calling numbers. Finally, click on the Settings link and write down your SIP ID and SIP Password. You’ll need these in a few minutes to configure PBX in a Flash. Now place a call to your new SIPgate number and make certain that your cellphone rings before proceeding.

Configuring IPkall. If you’ve opted to use IPkall, here’s the drill. First, you’ll need to register for a free IPkall number. This is actually a two-step process. Set it up as a SIP connection when you first register. Then we’ll change it to IAX once your new phone number is provided. So your initial IPkall request should look like this:

We recommend area code 425 for your requested number because IPkall appears to have lots of them. If they don’t have an available number, your request apparently goes in the bit bucket. You’ll know because IPkall typically turns these requests around in a few minutes. Don’t worry about the mothership entry. We’ll change it shortly. The other issue here is your public IP address. If you have a dedicated IP address, no worries. Just plug in the IP address for SIP Proxy. If it’s dynamic, then you’ll need to set up a fully-qualified domain name (FQDN) with a provider such as dyndns.com. Once you’ve got it set up, enter your credentials in the Dynamic DNS tab of your hardware-based firewall to assure that your dynamic IP address is always synchronized with your FQDN. Then enter the FQDN for your SIP Proxy address in the IPkall form. Be sure to make up a VERY secure password. Now send it off and wait for the return email with your new phone number.

When you receive your new phone number, you’ll need to revisit the IPkall site and log in with your phone number and the password you chose above. Make the changes shown below using your actual IPkall phone number instead of 4259876543:

It’s worth stressing that these settings are extremely important so check your work carefully. Be sure the IAX option is selected. Be sure there are no typos in your two phone number entries. And be sure your FQDN or public IP address is correct. Then save your new settings.

We’re going to be making some entries in FreePBX which is the web-GUI that manages PBX in a Flash. For now, we simply need to enter your new IPkall phone number so that incoming calls to your IPkall number will actually ring on your softphone. Later, we’ll make some further adjustments once we get Google Voice humming along.

Using a web browser from your desktop, log in to FreePBX 2.6 at the following link substituting your server’s private IP address for ipaddress: http://ipaddress/admin. You’ll be prompted for a user name (maint) and password (the one you just created with passwd-master).

TIP: Be aware that IPkall cancels an assigned phone number after 30 consecutive days of inactivity. If you will be using your number infrequently, it’s a good idea to schedule a Weekly Reminder to call the number with a prerecorded message. This will assure that your number stays functional.

Now let’s test your new phone number. Call your IPkall number from a cellphone or some other phone. Your softphone should ring. Answer the call, and be sure you have voice in both directions! Do not proceed without success here, or the rest of the adventure is a waste of your time.

Configuring Google Voice. Google Voice still is by invitation only so the first thing you’ll need is an invite. If you’re in a hurry, then stroll over to eBay where you’ll find lots of them for under $2. Once you have your invite in hand, click on the email link to set up your account. After you’ve chosen a telephone number, plug in your new SIPgate or IPkall number as the destination for your Google Voice calls and choose Office as the Phone Type. Trust us.

Google then will place a call to your number and ask you to enter a confirmation code that’s been provided. When your cellphone (SIPgate) or softphone (IPkall) rings, answer it and punch in the number. Wait for confirmation. Then hang up.

As we mentioned earlier, there’s no reason you can’t set up both SIPgate and IPkall forwarding numbers in Google Voice. Just repeat the drill with the other provider’s number if you wish to activate both numbers for use with Google Voice. They’re not both going to ring simultaneously as you will see in a minute.

While you’re still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

Call Screening – OFF

Call Presentation – OFF

Caller ID (In) – Display Caller’s Number

Caller ID (Out) – Don’t Change Anything

Do Not Disturb – OFF

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

Finally, place a test call to your new Google Voice number and be sure your cellphone or softphone rings. Don’t move forward until you’ve been able to successfully place a call to your phone by dialing your Google Voice number. Once this is working, revisit SIPgate and remove all parallel calling numbers including your cell number.

Adding Your Credentials to PBX in a Flash. We’re ready to insert your Google Voice credentials and SIPgate/IPkall number into PBX in a Flash. You’ll need four pieces of information: your 10-digit Google Voice phone number, your Google Voice account name (which is the email address you used to set up your GV account), your GV password (no spaces!), and your 11-digit SIPgate or IPkall RingBack DID (beginning with a 1). Don’t get the 10-digit GV number mixed up with the 11-digit SIPgate/IPkall RingBack DID, or nothing will work.

Log back into your server as root and issue the following command: ./configure-gv. Check your entries carefully. If you make a typo in entering any of your data, press Ctrl-C to cancel the script and then run it again!!

Configuring FreePBX. Now shift back to your Desktop and, using a web browser, log in to FreePBX 2.6 at the following link substituting your actual IP address for ipaddress: http://ipaddress/admin. You’ll be prompted for a user name (maint) and password (the one you just created with passwd-master). Depending upon which intermediate provider you’re using, do the following:

Securing FreePBX. You’re almost done. While still in FreePBX, choose each of the 16 preconfigured extensions on your new server and change the extension AND voicemail passwords. Here’s the drill: Setup, Extensions, 501, Submit. After changing secret and Voicemail Password, repeat with the next extension number instead of 501. Then Apply Config Changes, Continue when you’ve finished with all of them.

Don’t forget to adjust your X-Lite password to match the password entry you made for extension 701!

Orgasmatron Test Flight. The proof is in the pudding as they say. So let’s try two simple tests. First, from another phone, call your Google Voice number. Your softphone should begin ringing shortly. Answer the call and make sure you can send and receive voice on both phones. Hang up. Now let’s place an outbound call. Using the softphone, dial your cellphone number. Google Voice should transparently connect you. Answer the call and make sure you can send and receive voice on both phones. If everything is working, congratulations!

Solving One-Way Audio Problems. If you experience one-way audio on some of your phone calls, you may need to adjust the settings in /etc/asterisk/sip_custom.conf. Just uncomment the first two lines by removing the semicolons. Then replace 173.15.238.123 with your public IP address, and replace 192.168.0.0 with the subnet address of your private network. Save the file and restart Asterisk with the command: amportal restart.

Choosing a VoIP Provider. For this week, we’ll point you to some things to play with on your new server. Then, in the subsequent articles below, we’ll cover in detail how to customize every application that’s been loaded. Nothing beats free when it comes to long distance calls. But nothing lasts forever. So we’d recommend you set up another account with Vitelity using our special link below. This gives your PBX a secondary way to communicate with every telephone in the world, and it also gets you a second real phone number for your new system… so that people can call you. Here’s how it works. You pay Vitelity a deposit for phone service. They then will bill you $3.99 a month for your new phone number. This $3.99 also covers the cost of unlimited inbound calls (two at a time) delivered to your PBX for the month. For outbound calls, you pay by the minute and the cost is determined by where you’re calling. If you’re in the U.S., outbound calls to anywhere in the U.S. are a little over a penny a minute. If you change your mind about Vitelity and want a refund of the balance in your account, all you have to do is ask.

The VoIP world is new territory for some of you. Unlike the Ma Bell days, there’s really no reason not to have multiple VoIP providers especially for outbound calls. Depending upon where you are calling, calls may be cheaper using different providers for calls to different locations. So we recommend having at least two providers. Visit the PBX in a Flash Forum to get some ideas on choosing alternative providers.

Homework. Your homework for this week is to do some exploring. FreePBX is a treasure trove of functionality, and the Orgasmatron build adds a bunch of additional options. See if you can find all of them. For starters, you’ll want to activate CallerID Lookups in FreePBX. Choose Setup, CID Superfecta, Default and enter the maint password you created with passwd-master. Then choose Tools, Module Administration, CallerID Lookup, Enable, Process and Save the Settings. Then edit each of the Inbound Routes and choose CallerID Superfecta as the CID Lookup Source. Save your changes. Finally, choose Setup, CallerID Lookup Sources, CallerID Superfecta and be sure your maint password created with passwd-master is correct here, too. If not, update it. For additional tips, visit the forums.

Be sure to log into your server as root and look through the scripts added in the /root/nv folder. You’ll find all sorts of goodies to keep you busy. s3cmd.faq tells you how to quickly activate the Amazon S3 Cloud Computing service. And, if you’ve heeded our advice and purchased a PogoPlug, you can link to your home-grown cloud. Just add your credentials to /root/pogo-start.sh. Then run the script to enable the PogoPlug Cloud on your server. All of your cloud resources are instantly accessible in /mnt/pogoplug. It’s also perfect for off-site backups!

Also check out Tweet2Dial which lets you use Twitter to make Google Voice calls, send free SMS messages, and manage your new Asterisk server. Don’t forget to List Yourself in Directory Assistance so everyone can find you by dialing 411. And add your new number to the Do Not Call Registry to block telemarketing calls. Or just call 888-382-1222 from your new number. Finally, try out the included Stealth AutoAttendant by dialing your own number and pressing 0 while the greeting is played. This will reroute your call to the demo applications option in the IVR.

Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! We maintain a thread with the latest Patches for Orgasmatron 5.1 and 5.2. Please have a look. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of ordinary users just like you. So you won’t have to wait long for an answer to your questions.

Coming Attractions. In our next episode, we’ll walk you through the process of adding a second, third, fourth, and fifth Google Voice line to your server so that you’ll never run out of free calling on your server. Enjoy!

whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for us and for you.
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID and 60 free minutes from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month and you get a free hour of outbound calling to test out their call quality. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! After the free hour of outbound calling, Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.

Some Recent Nerd Vittles Articles of Interest…

passwd-master is the PIAF utility for setting a master password for FreePBX access with the maint user account. [↩]

status is the PIAF utility program that displays the current status of most major applications running on your server. [↩]

Mapping a port on your firewall to a private IP address unblocks certain Internet packets and allows them to pass through your firewall directly to an IP device “inside” your firewall for further processing. [↩]

It takes a lot to get us excited about a new product offering. But this one is a real winner! For under $130, Cloud Engines provides you your very own PogoPlug 2.0 device that connects to your router and shares up to four USB drives over the Internet. At today’s prices and ignoring sales tax, that means you can put eight terabytes of Cloud Storage on line for a one-time cost of about $100/terabyte. To give you a point of reference, Google will rent you the same space for $256/terabyte… per year. And Google is one of the least expensive Cloud Computing resources out there. Here’s the math for naysayers:

For those that don’t need 8 terabytes, the 2 terabyte setup including the drive and PogoPlug device is still just over half the one-year rental rate of equivalent storage from Google. And, just to be clear, this isn’t merely a storage device (like Amazon S3) requiring downloads before the files can actually be used. PogoPlug’s software makes these USB drives an integral part of your Desktop just like any other attached storage devices. Think WebDAV! So it makes a perfect home for your music, movie, and photo collections. There also are loads of Open Source applications for PogoPlug for those that like to tinker. And you can use PogoPlug to keep synchronized backups of your important files.

Other Options. Be aware that for about $50 less, you can purchase the Seagate FreeAgent DockStar Network Adapter which includes a single year of PogoPlug Internet support. After that, it’s $30 annually. Translation: By the end of the second year, you’re better off with the PogoPlug. So the choice is a No-Brainer in our book. But, the fact that Seagate is also standing behind the PogoPlug design should make everyone sleep more soundly.

Deployment. After a one-minute, one-time setup over the Internet, you can securely access all of your USB drive resources via PogoPlug using either a web browser or one of several free desktop applications that are available for Windows, Mac OS X, Linux as well as Android phones, iPhones, and (earlier today) Blackberrys. And you get free support and a terrific forum. The device works flawlessly behind either a DSL or cable modem AND a NAT-based router so there are no firewall issues to address. Just enter the serial number on the bottom of your device when you access the PogoPlug web site, and configuration is automatic.

Uploading Files. One of PogoPlug’s slickest features is its automatic cataloging of files which are uploaded. Once uploaded, you can view your Music, Movies, and Pictures by simply clicking on one of the buttons. Photos are cataloged into directories by the month in which the photos were taken. Music is indexed by artist, album, and genre. In addition, music by artist, album and genre as well as photo albums can be shared by entering email addresses for those that can access the materials, by enabling public viewing (assuming you have legal rights to do so), or by sharing items using your Twitter, Facebook, and MySpace credentials. We’ve shared a photo album just to give you an idea of how this works. The security and logistical nuts and bolts all are managed by Cloud Engines’ servers. You can review and modify the materials you’re sharing by clicking on the Files I Share link in your browser. Finally you can automatically alert those with share privileges when folder content is updated. Very slick!

Give PogoPlug a try. By clicking on one of our links, you also help support the Nerd Vittles project. We think you’ll be as thrilled as we are with this terrific new creation. Enjoy!

whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for us and for you.
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID and 60 free minutes from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month and you get a free hour of outbound calling to test out their call quality. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! After the free hour of outbound calling, Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.

Some Recent Nerd Vittles Articles of Interest…

The in-store pricing at WalMart is actually cheaper than on line for these particular drives. [↩]